SCALABLE AND AUTOMATED NETWORK-PARAMETER ASSIGNMENT

    Publication (announcement) number: US20170237608A1

    Publication (announcement) date: 2017-08-17

    Application number: US15044760

    Filing date: 2016-02-16

    CPC classification number: H04L41/0803 G06F15/177 H04L61/103 H04L61/2015

    Abstract: In one example, in a Dynamic Host Configuration Protocol (DHCP) network comprising one or more configuration computing systems, a method includes receiving one or more augmented DHCP configuration messages. The method also includes determining that each of the one or more augmented DHCP configuration messages includes a message tag indicating that the respective augmented DHCP configuration message contains parameter information that includes a client identifier associated with a respective one of the one or more network devices. The method further includes determining, based on the parameter information included in each of the one or more augmented DHCP configuration messages, configuration data that is usable to configure the one or more network devices. The method also includes configuring, based on the configuration data, the one or more network devices.

    313. FIGHT-THROUGH NODES FOR SURVIVABLE COMPUTER NETWORK
    Type: Invention application
    Status: Under examination, published

    Publication (announcement) number: US20150334130A1

    Publication (announcement) date: 2015-11-19

    Application number: US14809926

    Filing date: 2015-07-27

    Abstract: A survivable network is described in which one or more network devices include enhanced functionality to fight through cyber attacks. A Fight-Through Node (FTN) is described, which may be a combined hardware/software system that enhances existing networks with survivability properties. A network node comprises a hardware-based processing system having a set of one or more processing units, a hypervisor executing on each one of the processing units, and a plurality of virtual machines executing on each of the hypervisors. The network node includes an application-level dispatcher to receive a plurality of transaction requests from a plurality of network communication sessions with a plurality of clients and distribute a copy of each of the transaction requests to the plurality of virtual machines executing on the network node over a plurality of time steps to form a processing pipeline of the virtual machines.


    314. Cross-domain object models for securely sharing information between network security domains
    Type: Granted invention patent
    Status: In force (granted)

    Publication (announcement) number: US09191391B1

    Publication (announcement) date: 2015-11-17

    Application number: US14577741

    Filing date: 2014-12-19

    CPC classification number: H04L63/20 G06F21/606 G06F21/6218 H04L63/10

    Abstract: Techniques are described for controlling transfer of information in a secure manner across multiple network security domains. As described herein, cross-domain sharing may be facilitated by use of a common model that is shared by participants from the different network security domains. An example system is described in which each of a plurality of network domains comprises a respective set of client computing devices. A cross-domain object model specification specifies object classes for cross-domain objects accessible to the client computing devices. For each of the object classes, the cross-domain object model specification defines a plurality of data fields and specifies which of the data fields of the respective object class can be exposed to each of the respective network domains. A protected object repository positioned within each of the network domains stores an authorized portion of each of the cross-domain objects in accordance with the cross-domain object model specification.


    315. Method for network communication past encryption devices
    Type: Granted invention patent
    Status: In force (granted)

    Publication (announcement) number: US09191377B2

    Publication (announcement) date: 2015-11-17

    Application number: US14165192

    Filing date: 2014-01-27

    Abstract: This disclosure is directed to techniques for providing communication between devices in different networks wherein the communication must first pass through an encryption mechanism and the devices do not have the stand-alone capability to encrypt or decrypt the communication. According to these techniques, an adapter may determine certain fields in a data packet that remain unencrypted when the data packet passes through the encryption mechanism. The adapter may then process those fields in such a way that, when the data packets are received by a second adapter, the second adapter may read those fields and obtain information.


    317. ADAPTIVE MULTICAST NETWORK COMMUNICATIONS
    Type: Invention application
    Status: In force (granted)

    Publication (announcement) number: US20150146603A1

    Publication (announcement) date: 2015-05-28

    Application number: US14216732

    Filing date: 2014-03-17

    Abstract: This disclosure is directed to techniques for communicating in an adaptive multicast network. This may be done by archiving, at a rendezvous point, multicast subscription information for terminal nodes in the adaptive multicast network, wherein the multicast subscription information comprises a dynamic list of receiver terminal nodes located within the adaptive multicast network that subscribe to particular multicast streams from one or more terminal nodes in the adaptive multicast network. A router receives a multicast stream from a sender terminal node. The router receives, from the rendezvous point, the multicast subscription information for the multicast stream sent by the sender terminal node. The router forwards the multicast stream to all receiver terminal nodes in the dynamic list of receiver terminal nodes indicated as subscribing to the multicast stream sent by the sender terminal node.


    318. FIGHT-THROUGH NODES FOR SURVIVABLE COMPUTER NETWORK
    Type: Invention application
    Status: In force (granted)

    Publication (announcement) number: US20140310810A1

    Publication (announcement) date: 2014-10-16

    Application number: US14165368

    Filing date: 2014-01-27

    Abstract: A survivable network is described in which one or more network devices include enhanced functionality to fight through cyber attacks. A Fight-Through Node (FTN) is described, which may be a combined hardware/software system that enhances existing networks with survivability properties. A network node comprises a hardware-based processing system having a set of one or more processing units, a hypervisor executing on each one of the processing units, and a plurality of virtual machines executing on each of the hypervisors. The network node includes an application-level dispatcher to receive a plurality of transaction requests from a plurality of network communication sessions with a plurality of clients and distribute a copy of each of the transaction requests to the plurality of virtual machines executing on the network node over a plurality of time steps to form a processing pipeline of the virtual machines.


    319. LOCAL STORAGE OF INFORMATION PEDIGREES
    Type: Invention application
    Status: Under examination, published

    Publication (announcement) number: US20130325889A1

    Publication (announcement) date: 2013-12-05

    Application number: US13965007

    Filing date: 2013-08-12

    Abstract: This disclosure describes techniques for dynamically assembling and utilizing a pedigree of a resource. A pedigree of a resource is a set of statements that describe the provenance of the resource. As described herein, a document may include local pedigree fragments and optionally one or more pointers to remote pedigree fragments not locally stored in the document. A pedigree fragment, generally, is a data structure that specifies a direct relationship between a first resource, e.g., a primary resource, and a second resource from which an asserted fact of the first resource is derived. Because a pedigree fragment specifies such direct relationships, a set of pedigree fragments may be used to assemble the complete pedigree of the resource.


    320. NETWORK DEFENSE SYSTEM AND FRAMEWORK FOR DETECTING AND GEOLOCATING BOTNET CYBER ATTACKS
    Type: Invention application
    Status: In force (granted)

    Publication (announcement) number: US20130174256A1

    Publication (announcement) date: 2013-07-04

    Application number: US13730706

    Filing date: 2012-12-28

    Inventor: Judson Powers

    CPC classification number: H04L63/145 H04L63/1416 H04L63/1425 H04L2463/144

    Abstract: A network defense system is described that provides network sensor infrastructure and a framework for managing and executing advanced cyber security algorithms specialized for detecting highly-distributed, stealth network attacks. In one example, a system includes a data collection and storage subsystem that provides a central repository to store network traffic data received from sensors positioned within geographically separate networks. Cyber defense algorithms analyze the network traffic data and detect centrally-controlled malware that is configured to perform distributed network attacks (“botnet attacks”) from devices within the geographically separate networks. A visualization and decision-making subsystem generates a user interface that presents an electronic map of geographic locations of source devices and target devices of the botnet attacks. The data collection and storage subsystem stores a manifest of parameters for the network traffic data to be analyzed by each of the cyber defense algorithms.
